Merge pull request #125 from yakara-ltd/8-14

GitLab 8.14, GitLab Shell 4.0.2, migration to GitLab Workhorse, other fixes

Author: chewi

README.md

@@ -73,9 +73,6 @@ Attributes
 * `gitlab['email_from']`
   - Gitlab email from, default `gitlab@ + node.fqdn`
 
-* `gitlab['support_email']`
-  - Gitlab support email, default `gitlab-support@ + node.fqdn`
-
 * `gitlab['git_url']`
   - Github gitlab address, default https://github.com/gitlabhq/gitlabhq.git
 
@@ -128,11 +125,6 @@ Attributes
     See [nginx server_name documentation](http://nginx.org/en/docs/http/server_names.html)
     for valid matching patterns.
 
-* `gitlab['gravatar']['enabled']`
-  - Use Gravatar to fetch user avatars
-  - Options: "true", "false"
-  - Default "true"
-
 * `gitlab['unicorn']['timeout']`
   - Timeout in seconds to Unicorn
   - Default: 60
@@ -145,11 +137,6 @@ Attributes
 
 **Note**, This attributes are useful when you want only admins to create projects and groups. And to restrict username changing.
 
-* `gitlab['default_projects_limit']`
-  - When you create a user this value is their `projects_limit` profile setting.
-  - If you put it at 0, regular users can't create repos.
-  - Default, 10.
-
 * `gitlab['default_can_create_group']`
   - When you create a user this value is their `can_create_group` profile setting.
   - Default, true.

attributes/default.rb

@@ -26,22 +26,20 @@
 default['gitlab']['web_fqdn'] = node['fqdn']
 default['gitlab']['nginx_server_names'] = ['gitlab.*', node['fqdn']]
 default['gitlab']['email_from'] = "gitlab@#{node['domain']}"
-default['gitlab']['support_email'] = "gitlab-support@#{node['domain']}"
 default['gitlab']['unicorn']['timeout'] = 60
 
 # User default privileges
-default['gitlab']['default_projects_limit'] = 10
 default['gitlab']['default_can_create_group'] = true
 default['gitlab']['username_changing_enabled'] = true
 
 # Set github URL for gitlab
 default['gitlab']['git_url'] = 'https://github.com/gitlabhq/gitlabhq.git'
-default['gitlab']['git_branch'] = '8-5-stable'
+default['gitlab']['git_branch'] = '8-14-stable'
 
 # gitlab-shell attributes
 default['gitlab']['shell']['home'] = node['gitlab']['home'] + '/gitlab-shell'
 default['gitlab']['shell']['git_url'] = 'https://github.com/gitlabhq/gitlab-shell.git'
-default['gitlab']['shell']['git_branch'] = 'v2.6.10'
+default['gitlab']['shell']['git_branch'] = 'v4.0.2'
 default['gitlab']['shell']['gitlab_host'] = nil
 
 # Database setup
@@ -55,52 +53,75 @@
 default['gitlab']['database']['database'] = 'gitlab'
 default['gitlab']['database']['username'] = 'gitlab'
 default['gitlab']['database']['userhost'] = '127.0.0.1'
-default['gitlab']['postgresql']['username'] = 'postgres'
-default['gitlab']['database']['password'] = 'changeme'
+default['gitlab']['database']['password'] = nil
 
 # Ruby setup
 include_attribute 'ruby_build'
 default['ruby_build']['upgrade'] = 'sync'
-default['gitlab']['install_ruby'] = '2.1.8'
+default['gitlab']['install_ruby'] = '2.3.3'
 default['gitlab']['install_ruby_path'] = node['gitlab']['home']
 default['gitlab']['cookbook_dependencies'] = %w(
-  zlib readline ncurses openssh
-  logrotate redisio::default redisio::enable ruby_build
+  zlib
+  readline
+  ncurses
+  openssh
+  logrotate
+  redisio::default
+  redisio::enable
+  ruby_build
 )
 
 # Redisio instance name
 default['gitlab']['redis_instance'] = 'redis-server'
 
 # Required packages for Gitlab
+default['gitlab']['packages'] = %w(
+  cmake
+  curl
+  golang
+  nodejs
+  python-docutils
+  sudo
+  wget
+)
 case node['platform_family']
 when 'debian'
-  default['gitlab']['packages'] = %w(
-    libyaml-dev libssl-dev libgdbm-dev libffi-dev checkinstall
-    curl libcurl4-openssl-dev libicu-dev wget python-docutils sudo
-    cmake libkrb5-dev pkg-config nodejs
+  default['gitlab']['packages'] += %w(
+    checkinstall
+    libcurl4-openssl-dev
+    libffi-dev
+    libgdbm-dev
+    libicu-dev
+    libkrb5-dev
+    libssl-dev
+    libyaml-dev
+    pkg-config
   )
 when 'rhel'
-  default['gitlab']['packages'] = %w(
-    libyaml-devel openssl-devel gdbm-devel libffi-devel
-    curl libcurl-devel libicu-devel wget python-docutils sudo
-    cmake krb5-devel pkgconfig nodejs jemalloc jemalloc-devel
-  )
-else
-  default['gitlab']['install_ruby'] = 'package'
-  default['gitlab']['cookbook_dependencies'] = %w(
-    openssh readline zlib ruby_build
-    redisio::default redisio::enable
-  )
-  default['gitlab']['packages'] = %w(
-    autoconf binon flex gcc gcc-c++ make m4 cmake
-    git
-    zlib1g-dev libyaml-dev libssl-dev libgdbm-dev
-    libreadline-dev libncurses5-dev libffi-dev curl git-core openssh-server
-    redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev
-    libicu-dev python-docutils sudo libkrb5-dev pkg-config nodejs
+  default['gitlab']['packages'] += %w(
+    gdbm-devel
+    jemalloc
+    jemalloc-devel
+    krb5-devel
+    libcurl-devel
+    libffi-devel
+    libicu-devel
+    libyaml-devel
+    openssl-devel
+    pkgconfig
   )
 end
 
+# How to install git? RHEL 7 can use End Point.
+default['gitlab']['git_recipe'] = value_for_platform(
+  %w( redhat centos scientific oracle ) => { '< 7' => 'source' },
+  'amazon' => { '>= 0' => 'source' },
+  'fedora' => { '< 24' => 'source' },
+  'debian' => { '< 9' => 'source' },
+  'ubuntu' => { '< 16.04' => 'source' },
+  'default' => 'package'
+)
+
 default['gitlab']['trust_local_sshkeys'] = 'yes'
 
 default['gitlab']['https'] = false
@@ -133,19 +154,16 @@
 default['gitlab']['ldap']['allow_username_or_email_login'] = true
 default['gitlab']['ldap']['user_filter'] = ''
 
-# Secrets
-default['gitlab']['secrets']['production_db_key_base'] = 'production' # UPDATE THIS, at least 30 chars. Used to encrypt Variables.
-
-# Gravatar
-default['gitlab']['gravatar']['enabled'] = true
-
 # Mysql
 default['mysql']['server_root_password'] = 'Ch4ngm3'
 default['build-essential']['compile_time'] = true # needed for mysql chef_gem
 
+# PostgreSQL
+default['postgresql']['contrib']['extensions'] = ['pg_trgm']
+
 # nginx
 default['nginx']['default_site_enabled'] = false
 
-# Gitlab git http server
-default['gitlab']['git_http_server_revision'] = 'master'
-default['gitlab']['git_http_server_repository'] = 'https://gitlab.com/gitlab-org/gitlab-git-http-server.git'
+# GitLab Workhorse
+default['gitlab']['workhorse_revision'] = 'v1.0.1'
+default['gitlab']['workhorse_repository'] = 'https://gitlab.com/gitlab-org/gitlab-workhorse.git'

metadata.rb

@@ -4,18 +4,33 @@
 description 'Installs/Configures gitlab'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 name 'gitlab'
-version '8.5.0'
+version '8.14.0'
 issues_url 'https://github.com/atomic-penguin/cookbook-gitlab/issues'
 source_url 'https://github.com/atomic-penguin/cookbook-gitlab'
 
-%w(build-essential zlib readline ncurses git openssh redisio xml
-   ruby_build certificate database logrotate
-   postgresql apt yum-epel selinux_policy).each do |cb_depend|
+%w(
+  apt
+  build-essential
+  certificate
+  database
+  git
+  logrotate
+  ncurses
+  openssh
+  postgresql
+  readline
+  redisio
+  ruby_build
+  selinux_policy
+  xml
+  yum-epel
+  zlib
+).each do |cb_depend|
   depends cb_depend
 end
 depends 'mysql', '~> 6.0'
 depends 'mysql2_chef_gem'
-depends 'nginx', '<3'
+depends 'nginx', '~> 2.7'
 
 %w(redhat centos scientific amazon debian ubuntu).each do |os|
   supports os

recipes/default.rb

@@ -25,6 +25,9 @@
   include_recipe 'yum-epel'
 end
 
+# Install new enough git version
+include_recipe 'gitlab::git'
+
 # Setup the database connection
 case node['gitlab']['database']['type']
 when 'mysql'
@@ -45,9 +48,7 @@
 end
 
 # Install required packages for Gitlab
-node['gitlab']['packages'].each do |pkg|
-  package pkg
-end
+package node['gitlab']['packages']
 
 # Add a git user for Gitlab
 user node['gitlab']['user'] do
@@ -217,9 +218,9 @@ class file open;
 # Write the database.yml
 template "#{node['gitlab']['app_home']}/config/database.yml" do
   source 'database.yml.erb'
-  owner node['gitlab']['user']
+  owner 'root'
   group node['gitlab']['group']
-  mode '0644'
+  mode '0640'
   variables(
     adapter: node['gitlab']['database']['adapter'],
     encoding: node['gitlab']['database']['encoding'],
@@ -248,16 +249,6 @@ class file open;
   )
 end
 
-# Render gitlab secrets file
-template "#{node['gitlab']['app_home']}/config/secrets.yml" do
-  owner node['gitlab']['user']
-  group node['gitlab']['group']
-  mode '0600'
-  variables(
-    production_db_key_base: node['gitlab']['secrets']['production_db_key_base']
-  )
-end
-
 # Copy file rack_attack.rb
 cookbook_file "#{node['gitlab']['app_home']}/config/initializers/rack_attack.rb" do
   owner node['gitlab']['user']
@@ -367,62 +358,26 @@ class unix_stream_socket connectto;
   not_if { File.exist?(bundle_success) }
 end
 
-# Install Gitlab Git HTTP server
-
-## get Go 1.5 # TODO, for future PR find cookbook for Go ie: https://github.com/NOX73/chef-golang
-golang_package = 'https://storage.googleapis.com/golang/go1.5.linux-amd64.tar.gz'
-temp_golangpkg = '/tmp/gitlab_git_http_server.tar'
-
-remote_file temp_golangpkg do
-  source golang_package
-  # checksum node['']['']['checksum']
-  owner 'root'
-  group 'root'
-  mode '0755'
-  notifies :run, 'bash[extract_golang]', :immediately
-  not_if { ::File.exist?('/usr/local/bin/go') }
-end
-
-bash 'extract_golang' do
-  action :run
-  cwd ::File.dirname(node['gitlab']['home'])
-  code <<-EOH
-    tar -C /usr/local -xzf #{temp_golangpkg}
-    rm -f #{temp_golangpkg}
-    EOH
-  not_if { ::File.exist?('/usr/local/bin/go') }
-end
-
-%w(go godoc gofmt).each do |l|
-  link "/usr/local/bin/#{l}" do
-    to "/usr/local/go/bin/#{l}"
-    not_if "test -e /usr/local/bin/#{l}"
-    only_if "test -e /usr/local/go/bin/#{l}"
-    # not_if {File.exists?("/usr/local/bin/#{l}")}
-    # only_if {File.exists?("/usr/local/go/bin/#{l}")}
-  end
-end
-
-# Install gitlab git http server
-git "#{node['gitlab']['home']}/gitlab-git-http-server" do
-  # default repository 'https://gitlab.com/gitlab-org/gitlab-git-http-server.git
-  repository node['gitlab']['git_http_server_repository']
-  revision node['gitlab']['git_http_server_revision']
+# Install GitLab Workhorse
+git "#{node['gitlab']['home']}/gitlab-workhorse" do
+  # default repository 'https://gitlab.com/gitlab-org/gitlab-workhorse.git
+  repository node['gitlab']['workhorse_repository']
+  revision node['gitlab']['workhorse_revision']
   action :sync
   user node['gitlab']['user']
   group node['gitlab']['group']
-  notifies :run, 'bash[compile-git-http-server]', :immediately
+  notifies :run, 'bash[compile-workhorse]', :immediately
 end
 
-bash 'compile-git-http-server' do
+bash 'compile-workhorse' do
   action :run
-  cwd "#{node['gitlab']['home']}/gitlab-git-http-server"
+  cwd "#{node['gitlab']['home']}/gitlab-workhorse"
   code <<-EOH
     make
     EOH
   user node['gitlab']['user']
   group node['gitlab']['group']
-  not_if { ::File.exist?("#{node['gitlab']['home']}/gitlab-git-http-server/gitlab-git-http-server") }
+  not_if { ::File.exist?("#{node['gitlab']['home']}/gitlab-workhorse/gitlab-workhorse") }
 end
 
 # Precompile assets
@@ -437,7 +392,11 @@ class unix_stream_socket connectto;
 
 # Initialize database
 execute 'gitlab-bundle-rake' do
-  command "#{bundler_binary} exec rake gitlab:setup RAILS_ENV=production force=yes && touch .gitlab-setup"
+  # Check the task list below against setup.rake. We can't use
+  # gitlab:setup because db:reset DROPs the database and we don't want
+  # to give the database user permission to create new databases.
+  # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/tasks/gitlab/setup.rake
+  command "#{bundler_binary} exec rake db:schema:load add_limits_mysql setup_postgresql db:seed_fu RAILS_ENV=production && touch .gitlab-setup"
   cwd node['gitlab']['app_home']
   user node['gitlab']['user']
   group node['gitlab']['group']

recipes/git.rb

@@ -0,0 +1,31 @@
+#
+# Cookbook Name:: gitlab
+# Recipe:: git
+#
+# Copyright 2016, Yakara Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+git_recipe = node['gitlab']['git_recipe']
+
+yum_repository 'endpoint-git' do
+  description 'git from End Point repository'
+  includepkgs 'git git-core* perl-Git'
+  el = node['platform_version'].to_i
+  baseurl "https://packages.endpoint.com/rhel/#{el}/os/$basearch/"
+  gpgkey "https://packages.endpoint.com/endpoint-rpmsign-#{el}.pub"
+  only_if { git_recipe == 'package' && platform_family?('rhel') }
+end
+
+include_recipe "git::#{git_recipe}"